VITAS Healthcare, a Florida-based hospice provider operating in 15 states, experienced a data breach between **September 21 and October 27, 2025**, when an unauthorized party accessed and downloaded **personal information of current and former patients** via a compromised vendor account. The breach was discovered on **October 24, 2025**, prompting immediate containment measures, including system security reinforcement, engagement of cybersecurity experts, and law enforcement notification. While the exact number of affected individuals and the specific types of compromised data (e.g., Social Security numbers, medical records, addresses) were not disclosed, VITAS confirmed no evidence of misuse yet. As a precaution, the company offered **24 months of free credit monitoring and identity protection services**, alongside a dedicated hotline and website for support. The incident underscores vulnerabilities in healthcare data security, particularly due to third-party vendor risks, and aligns with a broader trend of rising breaches in the sector (725+ large breaches reported in 2024 alone).
VITAS Healthcare cybersecurity rating report: https://www.rankiteo.com/company/vitas-healthcare
"id": "VIT5334453112525",
"linkid": "vitas-healthcare",
"type": "Breach",
"date": "6/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Unknown (some current and '
'former patients; exact number '
'not disclosed)',
'industry': 'Healthcare',
'location': {'headquarters': 'Miramar, Florida, USA',
'operational_areas': '59 service areas '
'across 15 states, '
'including Florida'},
'name': 'VITAS Healthcare',
'size': 'Over 22,000 patients cared for daily',
'type': 'Hospice Provider'}],
'attack_vector': 'Compromised vendor account',
'customer_advisories': 'Patients advised to monitor credit and identity; 24 '
'months of complimentary credit monitoring and '
'identity protection services offered.',
'data_breach': {'data_exfiltration': True,
'personally_identifiable_information': True,
'sensitivity_of_data': 'High (patient health and personally '
'identifiable information)',
'type_of_data_compromised': 'Personal information '
'(potentially includes names, '
'dates of birth, Social Security '
'numbers, addresses, and other '
'PII)'},
'date_detected': '2025-10-24',
'date_publicly_disclosed': '2025-11-24',
'description': 'VITAS Healthcare, a Florida-based hospice provider, '
'experienced a data breach where an unauthorized party '
'accessed and downloaded personal information of some current '
'and former patients. The breach was detected on October 24, '
'2025, and involved access between September 21 and October '
'27, 2025. The company has taken steps to contain the '
'incident, notify affected individuals, and reinforce data '
'protection protocols. No evidence of misuse of patient data '
'has been found, but VITAS is offering 24 months of '
'complimentary credit monitoring and identity protection '
'services as a precaution.',
'impact': {'brand_reputation_impact': 'Potential trust erosion among patients '
'and families; proactive transparency '
'measures taken',
'data_compromised': True,
'identity_theft_risk': 'Potential (credit monitoring offered as '
'precaution)',
'operational_impact': 'Vendor oversight and data protection '
'protocols under review; systems secured '
'post-breach',
'systems_affected': 'Certain VITAS network systems'},
'initial_access_broker': {'entry_point': 'Compromised vendor account',
'high_value_targets': 'Patient personal information '
'(current and former)'},
'investigation_status': 'Ongoing (internal investigation with cybersecurity '
'firm assistance; no evidence of data misuse as of '
'disclosure)',
'post_incident_analysis': {'corrective_actions': 'Reviewing and strengthening '
'vendor oversight and data '
'protection protocols'},
'ransomware': {'data_exfiltration': True},
'references': [{'source': 'The News-Press / Naples Daily News'},
{'source': 'VITAS Healthcare Public Announcement',
'url': 'vitasdatanotice.com'},
{'source': 'HIPAA Journal (2024 breach statistics)'}],
'regulatory_compliance': {'regulations_violated': 'Potential HIPAA violations '
'(not yet confirmed or '
'listed in HHS federal '
'database as of 2025-11-24)',
'regulatory_notifications': 'Not listed in HHS '
'federal database as of '
'2025-11-24; likely to '
'be reported given the '
'nature of the breach'},
'response': {'communication_strategy': {'credit_monitoring_offered': '24 '
'months '
'of '
'complimentary '
'credit '
'monitoring '
'and '
'identity '
'protection '
'services',
'dedicated_hotline': '855-403-1586 '
'(Mon-Fri, 9 AM '
'- 9 PM ET, '
'excluding U.S. '
'holidays)',
'dedicated_website': 'vitasdatanotice.com',
'direct_notification_to_affected_individuals': True,
'public_announcement': True},
'containment_measures': 'Systems secured immediately upon '
'detection',
'incident_response_plan_activated': True,
'law_enforcement_notified': True,
'remediation_measures': 'Reviewing and strengthening vendor '
'oversight and data protection protocols',
'third_party_assistance': 'Engaged a leading cybersecurity firm '
'for investigation and analysis'},
'stakeholder_advisories': 'Dedicated hotline and website established for '
'affected individuals; direct notifications sent to '
'impacted patients.',
'threat_actor': 'Unauthorized party (unknown specifics)',
'title': 'Data Breach at VITAS Healthcare Affecting Patient Information',
'type': 'Data Breach'}